Orphaned AppServer agents after third-party client sends messages using the AppServer communication protocol

« Go Back

Information

Title	Orphaned AppServer agents after third-party client sends messages using the AppServer communication protocol

URL Name	P182581

Article Number	000165832

Environment	Product: OpenEdge Version: 10.x, 11.x OS: All supported platforms

Question/Problem Description

Orphaned AppServer agents after third-party client sends messages using the AppServer communication protocol
Third-party client sends a specific sequence of packets over time to the listening socket, using the AppServer communication protocol

The following AppServer Agent trace (Ubroker.ClientMemTrace:4,Ubroker.ServerMemTrace:4)

1. Prior to the problem occurring shows:

[13:09:13:393] {C-0017} UBRQ_WRITEDATALAST 0028 10.20.3.61:1582 ---> C-0017

A message received from the client (10.20.3.61:1582) by the client thread (C-0017).
The message is encompassed in one network message.

2. The client thread sends a message to the server thread (S-0019) that it is going to send a request.

[13:09:13:393] {C-0017} UBRQ_INIT_RQ 0000 C-0017 ---> S-0019

3. The client thread sends the message to the server, indicating this is the whole message.

[13:09:13:393] {C-0017} UBRQ_WRITEDATALAST 0028 C-0017 ---> S-0019

4. The client thread receives another request from the client.

[13:09:25:408] {C-0017} UBRQ_WRITEDATALAST 0029 10.20.3.61:1582 ---> C-0017

It is expecting to get a UBRQ_RSPDATA or UBRQ_RSPDATALAST message from the server.
The UBRQ_RSPDATA* message occurs when the server finishes processing the request.

The client thread in the Broker is expecting output from the Agent, but instead receives an unexpected message.
After receiving the unexpected message, the Broker loses communication with the Agent.

Agent remains running without using 100% of the CPU cycles.

Steps to Reproduce

Clarifying Information

Using VUGen, a protocol based testing tool to simulate a vast number of users for a load test on the AppServer.

.NET OpenClient Application is on the front end.

Error Message	Connection failure for host <host_name> port <port> transport TCP. (9407) T-S-0001 1 UB ---------- FSM ERROR: INVALID ACTION state= 6 event = 11 : FSM : ac T-S-0001 1 UB ---------- FATAL ERROR : (2) Protocol Error. (8121) T-C-0015 1 UB ---------- Error Unspecified Error ... disconnecting client. (8091)

Defect Number	Defect OE00204492 / PSC00230666

Enhancement Number

Cause

The AppServer Broker is vulnerable to a Denial Of Service attack that may occur if a third-party client sends a specific sequence of packets over time to the listening socket, using the AppServer communication protocol.

Generally, the issue with runaway Agents can be caused by network messages coming late, duplicated, or out of order from clients (such as WebSpeed Agents) to the AppServer Stateless Broker. AppServer maintains the client and server threads using the State Machine (that’s the SM in FSM) and if state transition is not what is expected with AS state machine, we issue FSM errors.

Resolution

Upgrade to OpenEdge 10.2B07, 11.2.0 or later

Workaround

Notes

Progress Article:

Progress' position on the use of port scanners

Keyword Phrase

Last Modified Date	11/20/2020 7:36 AM